This Metasploit module exploits two vulnerabilities affecting Unraid 6.8.0. An authentication bypass is used to gain access to the administrative interface, and an insecure use of the extract PHP function can be abused for arbitrary code execution as root.
66f62527f36bfb07368dcaf7a3f1185b
UCOPIA Wireless Appliance version prior to 5.1.8 suffer from a chroot escape privilege escalation vulnerability.
4ac33134dd66fc8aab143af5f4127cc1
UCOPIA Wireless Appliance version prior to 5.1.8 suffer from a restricted shell escape vulnerability.
d7ec758fffa0347a2564b5cb077d8709
SPIP versions 3.1.2 and below suffer from a server-side request forgery vulnerability.
6c3e48e6ba9437d4988acd3024f8d24c
SPIP versions 3.1.2 and below suffer from a PHP code execution vulnerability.
55991565e09ceb72a42ec7723d003821
SPIP versions 3.1.2 and below suffer from file enumeration and path traversal vulnerabilities.
bae4a4e262a99a0a5ab3ceb300de95e6
SPIP versions 3.1.2 and below suffer from a cross site scripting vulnerability.
19ea0f9a054fa2b4f4dad9b9c2ec1e08
SPIP versions 3.1.2 and below suffer from a cross site request forgery vulnerability.
2507f46ecb88e872b16a350dcfd71b5d
Centreon Web Interface versions 2.5.3 and below utilize an ECHO for logging SQL errors. This functionality can be abused for arbitrary code execution, and can be triggered via the login screen prior to authentication.
68342f19a17e66cc296e79e67f86c303
WordPress iThemes Security suffers from insecure backup and logfile generation vulnerabilities.
0a72248fec890cb6ef88cbe6f6554721
Netgear ReadyNAS suffers from a remote root code execution vulnerability.
89ed23e4ac469a7fa5cb9e6721cc2aeb
Proxmox VE versions 3 and 4 suffers from privilege escalation, code execution, and cross site scripting vulnerabilities.
7bf79fb1f827a09a146b676a1cc4f9e0
Centreon versions 2.5.3 and below suffer from a remote code execution vulnerability.
40b9869aaae9701f0648ec3012fe5f27